Re: [b2g] Enabling certified app debugging on production phones.

[Stephanie Ouillon]

> 
> On Sep 9, 2014, at 8:17 PM, Paul Theriault <ptheria...@mozilla.com> wrote:
> 
> >> 
> >> I'm specifically suggesting that we don't need the "developer PIN", but
> >> maybe you're referring to the lockscreen PIN? I definitely do think the
> >> users should have their lockscreen PIN enabled ^_^
> > 
> > Yeh I agree that is confusing in the doc - we talk about a developer pin
> > code which is kept in sync with the lockscreen passcode. Overly complex i
> > think. It should just BE the lockscreen passcode.
> 
> Great! Yeah, I found it hard to understand when lockscreen passcode changes
> would/wouldn't also change the developer pin.
> 
> In that case, do you still think it's necessary to require the passcode be
> set during FTU?
> 
Yes, because a user is not forced to set a PIN code for the the lockscreen.
In the case it is not set, an attacker could just go in the settings,
set his own PIN code, and enable debugging.
_______________________________________________
dev-b2g mailing list
dev-b2g@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-b2g